CVE-2026-6968
CVE-2026-6968 affects awslabs/tough prior to tough-v0.22.0 (and related tuftool). The vulnerability arises from incomplete path traversal fixes, where write operations join the destination path before containment verification, enabling remote authenticated users with delegated signing authority t...
CVE-2026-6966
CVE-2026-6966 affects awslabs/tough prior to tough-v0.22.0, where improper verification of cryptographic signature uniqueness in delegated role validation can allow remote authenticated users to bypass the TUF signature threshold by duplicating a valid signature, causing the client to a...
CVE-2026-6967
Affected software: awslabs/tough (before tough-v0.22.0) with delegated metadata validation. Root cause: missing expiration, hash, and length enforcement in delegated metadata validation causing load_delegations to bypass TUF integrity checks for delegated targets metadata. Impact: remote authenti...